加入收藏 | 设为首页 | 会员中心 | 我要投稿 好传媒网 (https://www.haochuanmei.com/)- 科技、建站、经验、云计算、5G、大数据,站长网!
当前位置: 首页 > 创业 > 经验 > 正文

用OpenStack Designate实现一个DNS即服务

发布时间:2021-05-22 14:10:58 所属栏目:经验 来源:互联网
导读:配置 bind(DNS 服务器) 1、生成 RNDC 文件: rndc - confgen - a - k designate - c / etc / rndc . key - r / dev / urandom cat EOF etcrndc . conf include
副标题[/!--empirenews.page--] 配置 bind(DNS 服务器)

1、生成 RNDC 文件:

rndc-confgen -a -k designate -c /etc/rndc.key -r /dev/urandom

 

cat<<EOF> etcrndc.conf

include"/etc/rndc.key";

options {

default-key "designate";

default-server {{ DNS_SERVER_IP }};

default-port 953;

};

EOF

2、将下列配置添加到 named.conf:

include"/etc/rndc.key";

controls {

inet {{ DNS_SERVER_IP }} allow { localhost;{{ CONTROLLER_SERVER_IP }};} keys {"designate";};

};

在 option 节中,添加:

options {

...

allow-new-zones yes;

request-ixfr no;

listen-on port 53{ any;};

recursion no;

allow-query {127.0.0.1;{{ CONTROLLER_SERVER_IP }};};

};

添加正确的权限:

chown named:named /etc/rndc.key

chown named:named /etc/rndc.conf

chmod600/etc/rndc.key

chown-v root:named /etc/named.conf

chmod g+w/var/named

 

#systemctl restart named

# setsebool named_write_master_zones 1

3、把 rndc.key 和 rndc.conf 推入 OpenStack 控制节点:

#scp-r /etc/rndc*{{ CONTROLLER_SERVER_IP }}:/etc/

创建 OpenStack Designate 服务和端点

输入:

# openstack user create --domain default--password-prompt designate

# openstack role add --project services --user designate admin

# openstack service create --name designate --description "DNS" dns

 

# openstack endpoint create --region RegionOne dns public http://{{ CONTROLLER_SERVER_IP }}:9001/

# openstack endpoint create --region RegionOne dns internal http://{{ CONTROLLER_SERVER_IP }}:9001/

# openstack endpoint create --region RegionOne dns admin http://{{ CONTROLLER_SERVER_IP }}:9001/

配置 Designate 服务

1、编辑 /etc/designate/designate.conf:

在 [service:api] 节配置 auth_strategy:

[service:api]

listen =0.0.0.0:9001

auth_strategy = keystone

api_base_uri = http://{{ CONTROLLER_SERVER_IP }}:9001/

enable_api_v2 =True

enabled_extensions_v2 = quotas, reports

在 [keystone_authtoken] 节配置下列选项:

[keystone_authtoken]

auth_type = password

username = designate

password = rhlab123

project_name = service

project_domain_name =Default

user_domain_name =Default

www_authenticate_uri = http://{{ CONTROLLER_SERVER_IP }}:5000/

auth_url = http://{{ CONTROLLER_SERVER_IP }}:5000/

在 [service:worker] 节,启用 worker 模型:

enabled =True

notify =True

在 [storage:sqlalchemy] 节,配置数据库访问:

[storage:sqlalchemy]

connection = mysql+pymysql://designate:rhlab123@{{ CONTROLLER_SERVER_IP }}/designate

填充 Designate 数据库:

(编辑:好传媒网)

【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容!

热点阅读